CVE-2014-0103
Mandriva Linux Security Advisory 2014-182
Public Exploits: 0
Exploited in Wild: -
Descriptions
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Robert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files. This session file would contain a user's username and password to the Zarafa IMAP server. Robert Scheck discovered that the Zarafa Collaboration Platform has multiple incorrect default permissions.
Timeline
- 2013-12-03 CVE Reserved
- 2014-07-29 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-310: Cryptographic Issues
References (6)
URL | Tag | Source
---|---|---
http://advisories.mageia.org/MGASA-2014-0380.html | X_refsource_confirm |
http://www.securityfocus.com/bid/68247 | Vdb Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=1073618 | X_refsource_confirm |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Zarafa | Webapp | <= 1.5 | - | Affected
Zarafa | Zarafa | <= 7.1.9 | - | Affected
Zarafa | Zarafa | 7.0 | - | Affected
Zarafa | Zarafa | 7.0.1 | - | Affected
Zarafa | Zarafa | 7.0.2 | - | Affected
Zarafa | Zarafa | 7.0.3 | - | Affected
Zarafa | Zarafa | 7.0.4 | - | Affected
Zarafa | Zarafa | 7.0.5 | - | Affected
Zarafa | Zarafa | 7.0.6 | - | Affected
Zarafa | Zarafa | 7.0.7 | - | Affected
Zarafa | Zarafa | 7.0.8 | - | Affected
Zarafa | Zarafa | 7.0.9 | - | Affected
Zarafa | Zarafa | 7.0.10 | - | Affected
Zarafa | Zarafa | 7.0.11 | - | Affected
Zarafa | Zarafa | 7.0.12 | - | Affected
Zarafa | Zarafa | 7.0.13 | - | Affected
Zarafa | Zarafa | 7.1.0 | - | Affected
Zarafa | Zarafa | 7.1.1 | - | Affected
Zarafa | Zarafa | 7.1.2 | - | Affected
Zarafa | Zarafa | 7.1.3 | - | Affected
Zarafa | Zarafa | 7.1.4 | - | Affected
Zarafa | Zarafa | 7.1.8 | - | Affected
Fedoraproject | Fedora | 19 | - | Affected
Fedoraproject | Fedora | 20 | - | Affected